In July 2017, advanced threat detection startup BluVector augmented its machine learning-based analytics engine to detect memory-based attacks in real time. The BluVector Network Security Monitoring and Analytics platform now uses a new network emulation technique to identify a broader spectrum of attacks, covering both malicious files and embedded file attacks that execute in memory. The release is timely, considering that memory-based attacks increased dramatically over the last 12 to 18 months.

BluVector, a recent spinoff from defense contractor Northrop Grumman, managed to generate a healthy buzz around its ability to reduce the time it takes to detect zero-day malware on enterprise networks, using patented supervised machine learning techniques. But that capability, which the company claims produces far fewer false positives, was until recently focused on malware that uses malicious files to infect its hosts. It did little to address the file-less, memory-based attacks increasingly deployed by cybercriminals. Recognizing the gap, the company implemented a technique called speculative code execution. This approach attempts to determine what an input can do, rather than observing what it does when it executes offline in a sandbox. Running in parallel with its already patented file-based detection, speculative code execution enables BluVector to detect malicious shellcode and JavaScript embedded in files, while at the same time adding delay for analysis and avoiding the sandbox evasion techniques that malware increasingly uses to escape detection.